Open Bug 1043881 Opened 10 years ago Updated 2 years ago

consolidate all phone home functions into one and document it

Categories

(Firefox :: Security, enhancement)

enhancement

Tracking

()

UNCONFIRMED

People

(Reporter: hartnegg, Unassigned)

Details

I suggest that you consolidate all phone home functions into one.

It could at any time become a PR nightmare when some media reports that a software, that many users use all day, has an large number of phone home functions.

This is a bad situation to have in the middle of the NSA spy scandal, with even more announced to come.

Currently nobody knows how many phone home functions Firefox and Thunderbird have. Many are undocumented. The official list is outdated and incomplete, because every developer who wants to know something just adds yet another one. The state of some functions is unclear, for example is toolkit.telemetry.prompted still respected by Firefox at all? 

Also you should have a look at all of them, and check if all that huge amount of data is important enough to justify its collection. Even if you decide to keep them all, you can then give good reasons for doing so.

You should build one central function through which all data has to flow, make sure that everything is encrypted, and document precisely which part does exactly what, how each part can be disabled (through UI and autoconfig-file), and who has access to which data.

The documentation must always be kept up to date whenever something is added or changed, which should be done by collecting them all on one tab of the config UI, and making the documentation directly embedded there. Otherwise the docs will likely again come out of sync with the program.
This is a suggestion for a privacy/security feature, as such no need to hide it from public view.
Group: core-security
Component: General → Security
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.